Security Bytes

The popular link shortening service will use VeriSign’s iDefense IP reputation service to detect URLs, domains and IP addresses that host malicious code.

For the security-conscious, those shortened URLs on Twitter can be unnerving. After all, where is that shortened URL really taking you? This summer, security vendors documented how spammers and phishers were exploiting URL shortening services to try to trick users into visiting sketchy sites. On Monday, one URL shortening service provider, bit.ly, made an announcement that promises some security relief on this front: it plans to integrate security services from VeriSign, Websense, and Sophos to boost its defenses against malware and spam.

In a blog post, bit.ly said it will use VeriSign’s iDefense IP reputation service to detect URLs, domains and IP addresses that host malicious code. It will also use the Websense Threatseeker Cloud service to catch spam by analyzing bit.ly links in real time, and Sophos’ behavioral-analysis technology to fend off spam and malware.

According to a Websense blog post, bit.ly will use Websense’s security-as-a-service platform to scan both new and existing shortened links as users click on them. “Websense will conduct full content analysis for the IP sources, websites and Web content behind the bit.ly links, including categorization and reputation analysis of the URL, property type, lexical and search reputation, history, age, geography, neighboring properties and more. If the user attempts to click on a link leading to malicious code, spam or a known phishing site, bit.ly will display an alert describing the threat potential and give the user the option to safely navigate away,” Websense wrote.

“I like bit.ly’s approach of checking existing links in case they get compromised, rather than only scanning new links as they are added. This will make it harder for bad guys to game the system,” Rich Mogull, founder of independent security consulting practice Securosis, said in a blog post.

“This isn’t to say that any of the individual scans, or all of them together, can identify every malicious link they encounter, but this is a significant advance in web services security. It’s a perfect example of cloud computing enhancing security, rather than creating new risks,” he added.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

There was an error processing your information. Please try again later.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

About This Blog

Written by the staff of SearchSecurity.com and Information Security magazine, Security Bytes covers topics across the spectrum of security, privacy and compliance, such as network security, IAM and data breaches, as well as the people and issues driving enterprise infosec today.